Example #1
0
  @Override
  protected void execute(
      SecurityTestRunner securityTestRunner, TestStep testStep, SecurityTestRunContext context) {
    scriptEngine.setScript(groovyscc.getExecuteScript().getStringValue());
    scriptEngine.setVariable("context", context);
    scriptEngine.setVariable("testStep", testStep);
    scriptEngine.setVariable("securityScan", this);
    scriptEngine.setVariable("parameters", parameters);
    scriptEngine.setVariable("log", SoapUI.ensureGroovyLog());

    try {
      scriptResult = scriptEngine.run();
      hasNext = castResultToBoolean(scriptResult);
      XmlObjectTreeModel model = null;
      for (SecurityCheckedParameter scp : getParameterHolder().getParameterList()) {
        if (parameters.containsKey(scp.getLabel()) && parameters.get(scp.getLabel()) != null) {
          if (scp.isChecked() && scp.getXpath().trim().length() > 0) {
            model = SecurityScanUtil.getXmlObjectTreeModel(testStep, scp);
            XmlTreeNode[] treeNodes = null;
            treeNodes = model.selectTreeNodes(context.expand(scp.getXpath()));
            if (treeNodes.length > 0) {
              XmlTreeNode mynode = treeNodes[0];
              mynode.setValue(1, parameters.get(scp.getLabel()));
            }
            updateRequestProperty(testStep, scp.getName(), model.getXmlObject().toString());

          } else {
            updateRequestProperty(testStep, scp.getName(), parameters.get(scp.getLabel()));
          }
        } else if (parameters.containsKey(scp.getLabel())
            && parameters.get(scp.getLabel()) == null) { // clears null values form parameters
          parameters.remove(scp.getLabel());
        }
      }

      MessageExchange message =
          (MessageExchange) testStep.run((TestCaseRunner) securityTestRunner, context);
      createMessageExchange(clearNullValues(parameters), message, context);

    } catch (Exception e) {
      SoapUI.logError(e);
      hasNext = false;
    } finally {
      // if( scriptResult != null )
      // {
      // getTestStep().getProperty( "Request" ).setValue( ( String
      // )scriptResult );
      //
      // getTestStep().run( ( TestCaseRunner )securityTestRunner,
      // ( TestCaseRunContext )securityTestRunner.getRunContext() );
      // }

    }
  }
Example #2
0
 @Override
 protected void execute(
     SecurityTestRunner securityTestRunner, TestStep testStep, SecurityTestRunContext context) {
   try {
     StringToStringMap updatedParams = update(testStep, context);
     addAttachement(testStep);
     WsdlTestRequestStepResult message =
         (WsdlTestRequestStepResult) testStep.run((TestCaseRunner) securityTestRunner, context);
     message.setRequestContent("", false);
     createMessageExchange(updatedParams, message, context);
   } catch (XmlException e) {
     SoapUI.logError(e, "[XmlBombSecurityScan]XPath seems to be invalid!");
     reportSecurityScanException("Property value is not XML or XPath is wrong!");
   } catch (Exception e) {
     SoapUI.logError(e, "[XmlBombSecurityScan]Property value is not valid xml!");
     reportSecurityScanException("Property value is not XML or XPath is wrong!");
   }
 }